CN101989242A - Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof - Google Patents

Publication number
CN101989242A
Authority
CN
China
Prior art keywords
bus
unit
monitor
data
register
Legal status
Granted
Application number
CN2010105409948A
Other languages
Chinese (zh)
Other versions
CN101989242B (en)
Inventor
刘华预
王良清
Current Assignee
GUOWEI GROUP (SHENZHEN) Co.,Ltd.
Original Assignee
Shenzhen State Micro Technology Co Ltd
Application filed by Shenzhen State Micro Technology Co Ltd
Priority to CN2010105409948A (patent CN101989242B)
Priority to US13/322,086 (patent US8601536B2)
Priority to PCT/CN2011/000326 (patent WO2012062023A1)
Priority to EP11784403.5A (patent EP2472408B1)
Publication of CN101989242A
Application granted
Publication of CN101989242B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/85: Protecting interconnection devices, e.g. bus-connected or in-line devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a bus monitor for improving the security of an SOC (System on a Chip) system and a method for implementing it. The bus monitor is arranged between the system bus and the system control unit and comprises a configuration unit, a condition judging unit, a valid data selection unit, a hardware algorithm unit and a comparison output unit. The method monitors bus behaviour without affecting bus access efficiency, detects whether a specific bus access sequence that the system cares about has been changed by accident, tampering or a malicious fault attack, and, if it has, raises an alarm so that the system can take suitable security measures to prevent security risks and to prevent confidential information from leaking because a system security operation was not carried out correctly.

Description

A bus monitor for improving the security of an SOC system and a method for implementing it
Technical field
The present invention relates to the security of SOC (System on a Chip) systems, and in particular to a bus monitor for improving the security of an SOC system and a method for implementing it.
Background art
As society becomes increasingly information-based, information security has become an ever more important subject of attention and research. Secure SOC chips are widely used in every field of the information society; their main functions include secure storage of users' critical data, electronic signatures, identity authentication, and data encryption and decryption. A secure SOC chip is the core of security control for the system it sits in, so its own security is critical. Precisely because the data in a secure SOC chip is so important, attacks against secure SOC chips emerge in an endless stream. Security strategies corresponding to the various attacks have been studied in depth and implemented. Secure initialization, encrypted storage protection, memory integrity verification and bus protection are the most common of these strategies. All of them aim to make the security chip run in a secure mode, but their shortcoming is that they emphasize the act of protection and pay too little attention to whether the protection took effect. Many security measures are also confined to a single, isolated protection action; memory protection, for example, can only restrict access to specific memory regions. In many cases a system's security mechanism has to be carried out as a series of operations, such as executing an indivisible security routine, which must run to completion without being aborted and without other code being inserted into it. For current secure SOC chips there has been little research on detecting and protecting against abnormal series of operations on the data transmission channel. An experienced attacker can exploit bugs to change the running behaviour of the security chip, common attacks being jump-instruction attacks, interrupt attacks and stack smashing; or can use fault attacks directly to disrupt secure initialization or the execution of a security routine, causing the chip to run abnormally. To remedy this shortcoming, detection of the bus sequence behaviour in which these security strategies are ultimately embodied should be added on top of the traditional protection strategies. Unfortunately, there is so far no scheme that monitors the data transmission channel, the system bus, directly and in real time with some security algorithm.
Therefore, how to monitor the system bus, the data transmission channel, in real time, and how to judge whether bus sequence behaviour is normal, so as to protect the secure SOC chip, is a problem that secure SOC chips urgently need solved.
Summary of the invention
The objective of the invention is to solve the above problems of the prior art by proposing a bus monitor for improving the security of an SOC system and a method for implementing it.
The invention monitors the correctness and integrity of the specific bus access sequence that a security configuration process or a running security routine produces on the SOC bus, detects errors, and raises a system warning, thereby effectively preventing information leakage.
The technical solution adopted by the invention is a bus monitor for improving the security of an SOC system. The bus monitor is arranged between the system bus and the system control unit and comprises a configuration unit, a condition judging unit, a valid data selection unit, a hardware algorithm unit and a comparison output unit, wherein:
The configuration unit is used to set and store the configuration information needed for monitoring the bus control signals, and to update the state of the bus monitor;
The condition judging unit, according to the configuration information in the configuration unit and the current bus behaviour information provided by the bus control signals, judges whether monitoring needs to be started and, when it does, generates a control signal for the valid data selection unit;
The valid data selection unit, according to the control information from the condition judging unit and the configuration information in the configuration unit, selects the data to be calculated for bus monitoring from the bus address of the bus access, the bus master number, the bus read data or write data, and the key in the configuration unit, sends it to the hardware algorithm unit, and notifies the hardware algorithm unit to perform the computation on it;
The hardware algorithm unit, according to the control signals sent by the configuration unit and the condition judging unit, performs the computation on the data to be calculated output by the valid data selection unit and sends the final result to the comparison output unit;
The comparison output unit compares the result output by the hardware algorithm unit with the condition preset in the configuration unit and, when they are inconsistent, triggers an alarm signal and sends it to the system control unit.
The invention also proposes a bus monitoring method for improving the security of an SOC system, comprising the following steps:
Step 1. The configuration information needed during bus monitoring is set in the configuration unit;
Step 2. The condition judging unit, according to the configuration information in the configuration unit and the current bus behaviour information provided by the bus control signals, judges whether the bus is to be monitored and generates a control signal that controls the valid data selection unit to send the data to be calculated to the hardware algorithm unit;
Step 3. The valid data selection unit, according to the control information from the condition judging unit, selects the data to be calculated from the bus address, the bus master number, the bus read data or write data, and the key output by the configuration unit, sends the data to be calculated to the hardware algorithm unit, and instructs the hardware algorithm unit to perform the computation on it;
Step 4. The hardware algorithm unit, according to the control signal sent by the valid data selection unit, performs the computation on the data to be calculated using the algorithm selected in the configuration unit, and sends the final result to the comparison output unit;
Step 5. The comparison output unit compares the result output by the hardware algorithm unit with the expected result preset in the configuration unit and, when they are inconsistent, triggers an alarm signal and sends it to the system control unit;
Step 6. When the bus monitor has completed the computation for one valid access, its internal counter increments automatically and the flow returns to step 2 to continue monitoring. After the bus monitor has completed the number of valid accesses defined by the monitoring length register of the configuration unit, it either stops monitoring, according to the control mode in the control register, or waits for the next bus access that satisfies the monitoring start condition and then repeats monitoring.
Compared with the prior art, the invention has the following beneficial effects:
1. Traditional secure SOC chips emphasize the act of protecting important data and pay too little attention to whether the protection took effect. One possible risk is that the protection has already failed under a malicious attack or an accidental fault while the system is unable to take remedial security measures in time, leading to information leakage. By monitoring bus sequence access behaviour in the secure SOC chip, the invention can warn the system promptly of abnormal bus sequence access behaviour and help the system take remedial security measures in time, realizing a bus monitor that improves the information security of an SOC system;
2. The invention effectively improves the resistance of an SOC system to fault attacks. It can warn the system promptly when a security configuration or a critical routine behaves incorrectly under a malicious or unintentional fault, ensuring that the system can take remedial security measures in time;
3. The invention addresses the integrity and authenticity of the security configuration process and of critical routines at the final bus transmission channel, improving the tamper resistance of security configuration data and critical routines;
4. Taking into account the complexity of bus timing itself, the invention makes the data to be monitored and the monitoring length configurable, and achieves real-time monitoring of bus behaviour;
5. The invention runs an integrity algorithm with a configurable key over the bus addresses and data of a specific access sequence during operation of the secure SOC system, and judges whether the specific access sequence has been tampered with by comparing the final result with the expected result;
6. The invention can prevent bus addresses or important data from being forged or attacked;
7. The invention can prevent one bus master from impersonating another bus master to initiate a bus access;
8. After the specified bus sequence has been monitored, the user can decide, according to the system's security needs, whether to repeat monitoring;
9. The invention does not affect system bus behaviour;
10. The invention takes into account that the system may hang or crash and cause a bus wait timeout. The user can configure the maximum timeout wait period; when a bus wait exceeds the preset maximum wait period, the monitor records the bus behaviour at the time of the timeout and issues a timeout warning signal. The SOC system can forcibly resume bus transfers according to the timeout warning and carry out exception handling. This mechanism effectively prevents the secure SOC system from remaining in an unexpected wait-timeout condition for a long time, improves the working efficiency of the bus, and ensures that critical tasks are executed in time;
11. The invention is especially suited to secure SOC systems in the many application scenarios where data is sensitive and easily attacked, is easy to integrate, and places no burden on the timing or performance of the SOC chip as a whole.
Description of the drawings
The invention is described in detail below with reference to the drawings and preferred embodiments, in which:
Fig. 1 is a schematic diagram of the internal structure of a secure SOC chip containing the bus monitor of the invention;
Fig. 2 is a block diagram of the bus monitor of Fig. 1;
Fig. 3 is a workflow diagram of the bus monitor;
Fig. 4 is a schematic block diagram of the bus monitor connections in a single-bus secure SOC chip;
Fig. 5 is a schematic block diagram of the bus monitor connections in a multi-bus secure SOC chip.
Embodiments
The core idea of the invention is to monitor, in real time, bus transfer sequences that are security-critical. If the behaviour of a monitored bus transfer sequence does not match the expected behaviour, the bus transfer sequence is judged to be abnormal because of an unintentional fault, a malicious fault, a tampering attack or a similar cause, and the system is warned promptly so that it can handle the anomaly in time.
Fig. 1 is a schematic diagram of the internal structure of a secure SOC (System on Chip) chip with the built-in bus monitor proposed by the invention. It comprises an SOC system bus 1 and, installed in the SOC chip 2, a bus monitor 21 and a system control unit 22. The SOC system bus 1 is the critical channel that carries data in the secure SOC chip: every data operation that a master device (such as the CPU or DMA) performs on a slave device (such as on-chip RAM) is transferred over the SOC system bus 1, so the SOC system bus 1 plays a very important role in the secure SOC chip.
As shown in Fig. 2, the bus monitor 21 proposed by the invention comprises a valid data selection unit 201, a condition judging unit 202, a timeout detection unit 203, a configuration unit 204, a hardware algorithm unit 205 and a comparison output unit 206. The design of each unit can be adjusted as appropriate to the design requirements.
The configuration unit 204 stores the configuration information of the bus monitor. It consists mainly of a control register, a monitoring start address register, a monitoring length register, a master register, a preset key register, an expected monitoring result register, a bus status register, a timeout register and a fault address register. The function of each register is described in detail below.
The control register records the general configuration information that a master device writes for the bus monitor 21, and the bus monitor 21 operates according to it. It includes: a monitor enable bit, the global control bit of the bus monitor 21, which the user sets to the valid or invalid state to enable or disable bus monitoring by the bus monitor 21; a trigger mode control bit, which selects one of two monitoring start modes, start monitoring immediately or start monitoring from a specified address; a repeat monitoring enable bit, which decides whether the repeat monitoring function is started (if it is, then after a sequence of the specified valid length has been monitored, monitoring starts again when the next bus behaviour satisfies the monitoring condition; otherwise monitoring stops once the valid-length sequence has been monitored); a timeout monitoring control bit, which decides whether bus timeout behaviour is monitored; monitoring condition control bits, which decide which bus accesses form the bus access sequence that needs to be monitored; monitoring algorithm select bits, which the designer can program according to security needs to decide which algorithm is used to monitor bus behaviour; and data-to-be-calculated select bits, which indicate that some or all of the bus master number, bus address, bus read data, bus write data and preset key of accesses satisfying the monitoring condition are selected as the data to be calculated.
The monitoring start address register records the initial monitoring address of the bus monitor 21. When the trigger mode control bit selects starting from a specified address and the monitoring condition is satisfied, the bus monitor 21 starts monitoring as soon as it observes a bus operation whose address matches this start address; otherwise the bus monitor stays in the idle state and performs no monitoring.
The monitoring length register records the length of the valid bus access sequence that the user needs the bus monitor 21 to monitor. After the monitoring function has started, the monitoring length register is incremented once for every bus access observed that fully satisfies the monitoring condition, and when the length specified in the monitoring length register has been completed, monitoring of this bus sequence ends. According to the data-to-be-calculated select bits and the control conditions of the condition judging unit 202, the valid data selection unit 201 of the bus monitor 21 selects some or all of the bus master number, bus address, bus read data, bus write data and preset key of accesses satisfying the monitoring condition as the data to be calculated and sends it to the hardware algorithm unit 205 for computation; the comparison output unit 206 then starts its comparison function and sends the comparison result to the system control unit 22.
The master register configures the master numbers that the bus monitor 21 is to monitor. If the monitoring condition is configured for master number matching, the monitoring condition is satisfied only when the bus monitor 21 detects that the master of the current bus operation matches one or more master numbers in the master register. This function can prevent a non-secure bus master from impersonating another bus master to initiate a bus access. When the bus monitor 21 detects that the master performing the current operation is illegitimate, it issues a warning promptly and stops critical information from being obtained or destroyed by the illegitimate device.
The preset key register configures the key used during monitoring; the key cannot be read back. In the bus monitor 21 designed by the invention, the key can take part in the computation at some fixed point or take part in real time. This effectively prevents an attacker from tampering with the expected result based on knowledge of how the bus monitor works, and further ensures the integrity and security of the monitoring process.
The expected monitoring result register is configured with the result that the user expects the computation over the monitored data to produce when monitoring of the bus sequence of the specified length ends.
The bus status register records the final comparison result (normal or error), which the comparison output unit 206 writes into it after the ordered bus sequence of the specified length has been monitored. The user can query the bus status register in the configuration unit 204 to find out whether a given stretch of bus operations was normal. Other bus behaviour that the bus monitor observes, such as a timeout, is also reflected in the bus status register. This register ensures that a master device can learn the bus behaviour at any time.
The timeout register records the maximum wait period for bus devices. The user can configure it appropriately for the needs of the system; for example, when a device in the system often needs long wait periods, the timeout register can be given a larger value. Normally the devices of the SOC system need to be assessed when the timeout register is configured, to arrive at a suitable value that neither falsely reports timeouts nor misses them, ensuring the working efficiency of the bus. On a bus timeout, the bus monitor promptly issues a timeout warning signal instructing the system to forcibly end the current bus access, so that the system does not incur a security risk or a system failure because of the bus timeout.
The fault address register records the address at which a bus timeout fault occurred. After the timeout detection unit 203 detects bus timeout behaviour, the bus address at which the timeout occurred is written to the fault address register, and a master device can obtain the bus timeout information by reading this register.
The configuration unit 204 acts as a slave device in the SOC system. In the bus monitor 21 of the invention, whether it is configured accurately determines whether the intended bus monitoring function can be achieved.
The condition judging unit 202 is the main logic unit of the invention and is mainly used to judge whether a bus operation satisfies the monitoring condition of the bus monitor 21. According to the monitoring condition control bits provided by the configuration unit 203, it filters the bus control information, including the address, in real time. When a bus operation satisfies the monitoring condition, it instructs the valid data selection unit 201 to extract the valid content and send it to the hardware algorithm unit 205 for computation; if the bus operation does not satisfy the monitoring condition, the bus operation is ignored. The conditions by which the condition judging unit filters bus operations can be one or more of the following: whether the master number matches, instruction fetch or data transfer, read access or write access, privileged access or ordinary access, and so on. With the master number matching condition, the bus operations of specified masters can be monitored; with the instruction fetch condition, the instruction execution of the microprocessor can be monitored. If the master number is of no concern, master number matching can be left disabled, so that all access operations on the bus are monitored. The condition judging unit also judges whether monitoring of the bus sequence of the specified length has finished, and sends a completion indication signal to the hardware algorithm unit 205.
The valid data selection unit 201, according to the control information from the condition judging unit, takes each bus operation that satisfies the monitoring condition, selects the data to be calculated from the bus address, the bus master number, the bus read data or write data, and the key output by the configuration unit, arranges it into a form convenient for computation, sends it to the hardware algorithm unit 205, and instructs the hardware algorithm unit to perform the computation on it.
The hardware algorithm unit 205 is the core unit of the invention, and its operating speed directly determines whether bus monitoring can be done in real time. On receiving the compute indication signal from the valid data selection unit 201, the hardware algorithm unit starts, selects the appropriate hardware algorithm according to the algorithm select control bits provided by the configuration unit 204, and performs the computation on the data to be calculated sent by the valid data selection unit 205. On receiving the end-of-monitoring indication signal from the condition judging unit 202, the hardware algorithm unit completes the computation and passes the result to the comparison output unit 206; the hardware algorithm unit 205 then returns to its initial state and waits for the next monitoring run to begin. The hardware algorithm unit includes, but is not limited to, the following algorithms: cyclic redundancy check (CRC) algorithms (such as CRC-16, CRC-32), hash algorithms (such as SHA-1, SHA-256), and symmetric encryption algorithms (such as AES, DES). CRC algorithms are relatively simple, complete their calculation quickly, and give the best real-time behaviour. Hash algorithms are computationally complex, but they guarantee the integrity of the bus sequence better than CRC algorithms do. Symmetric encryption algorithms lie between CRC and hash algorithms. Which hardware algorithms the hardware algorithm unit supports depends on the bus frequency of the system bus and on the processing capability of the hardware algorithm. The security chip designer can decide to integrate one or more of these algorithms according to requirements such as chip timing and area.
The comparison output unit 206 is responsible for comparing the final result computed by the hardware algorithm unit 205 with the value of the expected monitoring result register in the configuration unit 204. If the two are inconsistent, the bus sequence behaviour is considered abnormal because of an attack, a fault or a similar cause, and a warning is issued promptly to the system control unit 22. The system control unit 22, according to the user's prior configuration, responds appropriately to the bus sequence error, for example by requiring a CPU reset or by making some master and slave devices stop working. This real-time handling mechanism ensures that, when important system data is under attack or has been damaged, a system-level response can be made according to the security level of the information, protecting the whole security system as far as possible.
The timeout detection unit 203 detects whether the SOC bus has timed out. Using the current bus control signals and the maximum bus wait period set in the timeout register of the configuration unit 204, it monitors in real time whether a bus operation exhibits timeout behaviour. When the bus wait period exceeds the maximum bus wait period set in the timeout register, the timeout detection unit 203 triggers a timeout warning and sends it to the system control unit 22, which, according to the user's prior configuration, responds appropriately to the bus timeout. A common timeout response mechanism is for the system first to forcibly end the current bus operation that timed out and then to run an exception handler to deal with the timeout. This mechanism effectively prevents the secure SOC system from remaining in an unexpected wait-timeout condition for a long time, ensures that critical tasks are executed in time, and ensures that the system does not incur a security risk or a system failure because of an unexpected timeout.
All of the above is carried out without affecting the normal operation of the secure SOC system, which both preserves the integrity of system operation and realizes the security function of the system.
Fig. 3 is the workflow diagram of the bus monitor 21 of the invention, which comprises the following steps:
Step 1. The configuration information needed during bus monitoring is set in the configuration unit;
Step 2. The condition judging unit, according to the configuration information in the configuration unit and the current bus behaviour information provided by the bus control signals, judges whether the bus is to be monitored and generates a control signal that controls the valid data selection unit to send the data to be calculated to the hardware algorithm unit;
Step 3. The valid data selection unit, according to the control information from the condition judging unit, selects the data to be calculated from the bus address, the bus master number, the bus read data or write data, and the key output by the configuration unit, sends the data to be calculated to the hardware algorithm unit, and instructs the hardware algorithm unit to perform the computation on it;
Step 4. The hardware algorithm unit, according to the control signal sent by the valid data selection unit, performs the computation on the data to be calculated using the algorithm selected in the configuration unit, and sends the final result to the comparison output unit;
Step 5. The comparison output unit compares the result output by the hardware algorithm unit with the expected result preset in the configuration unit and, when they are inconsistent, triggers an alarm signal and sends it to the system control unit;
Step 6. When the bus monitor has completed the computation for one valid access, its internal counter increments automatically and the flow returns to step 2 to continue monitoring. After the bus monitor has completed the number of valid accesses defined by the monitoring length register of the configuration unit, it either stops monitoring, according to the control mode in the control register, or waits for the next bus access that satisfies the monitoring start condition and then repeats monitoring.
In operation, the bus monitor first uses the relevant register configuration in the configuration unit 204, together with the current behaviour of the bus, to judge whether to monitor the bus and which information on the bus (data, address and so on) to monitor. The bus control information is sent as the data to be monitored to the hardware algorithm circuit for computation, and the key can take part in the computation in real time according to security needs. After a sequence of the specified length has been monitored, the result is compared with the expected value: if they agree, the transfer was error-free; otherwise a warning is issued and the system controller completes the subsequent handling. If the registers are configured for repeat monitoring, then after this monitoring run is complete the bus monitor repeats the data flow shown in Fig. 3. If a stretch of bus sequence behaviour immediately after a system reset needs to be monitored, the default configuration of the configuration unit can be set to start monitoring immediately, with the monitoring length register defaulting to a reasonable non-zero value. After the system starts working, the length and expected result of the bus sequence to be monitored after reset should be updated in the configuration unit promptly. In this way the bus monitor monitors the bus sequence behaviour immediately after a system reset. If the monitoring length register and expected result register of the bus monitor are not configured in time, the monitor warns the system after a bus sequence of the default length has been monitored; if they are configured in time, the monitor checks whether the bus access sequence of the specified length after reset has become abnormal because of an attack or a fault.
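The monitoring flow of steps 1 to 6, as an added behavioural model in C (an illustration written for this page, not code from the patent). CRC-32 stands in for the hardware algorithm unit; the register bit encodings, the point at which the key is mixed in, and the bus trace are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed bit encodings: the patent names these controls but gives no layout. */
enum { SEL_MASTER = 1, SEL_ADDR = 2, SEL_DATA = 4, SEL_KEY = 8 };  /* data-to-be-calculated select */
enum { COND_MASTER = 1, COND_WRITE = 2 };                          /* monitoring-condition control */

typedef struct {            /* one access observed on the system bus */
    uint8_t  master;        /* bus master number */
    uint32_t addr, data;    /* bus address; read or write data */
    bool     is_write;
} bus_access;

typedef struct {            /* configuration unit registers */
    bool     enable, start_at_addr, repeat;
    uint8_t  cond, select;
    uint32_t start_addr, length;  /* monitoring start address, monitoring length */
    uint32_t master_mask;   /* master register: bit n set = master n matches */
    uint32_t key, expected; /* preset key, expected monitoring result */
} monitor_cfg;

typedef struct {
    monitor_cfg cfg;
    bool     active, done, alarm;
    uint32_t count, crc, result;
} bus_monitor;

/* Hardware algorithm unit: bitwise CRC-32 (reflected polynomial 0xEDB88320) over one word. */
static uint32_t crc32_word(uint32_t crc, uint32_t w) {
    for (int i = 0; i < 4; i++) {
        crc ^= (w >> (8 * i)) & 0xFFu;
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Feed one bus access to the monitor; returns true when this access raises the alarm. */
bool monitor_step(bus_monitor *m, const bus_access *a) {
    const monitor_cfg *c = &m->cfg;
    if (!c->enable || m->done) return false;
    /* Condition judging unit: ignore accesses that fail the monitoring condition. */
    bool master_ok = a->master < 32 && ((c->master_mask >> a->master) & 1u);
    if ((c->cond & COND_MASTER) && !master_ok) return false;
    if ((c->cond & COND_WRITE) && !a->is_write) return false;
    if (!m->active) {       /* idle: wait for the trigger */
        if (c->start_at_addr && a->addr != c->start_addr) return false;
        m->active = true; m->count = 0; m->crc = 0xFFFFFFFFu;
        if (c->select & SEL_KEY) m->crc = crc32_word(m->crc, c->key);  /* key at one fixed point */
    }
    /* Valid data selection unit: feed the configured fields to the algorithm. */
    if (c->select & SEL_MASTER) m->crc = crc32_word(m->crc, a->master);
    if (c->select & SEL_ADDR)   m->crc = crc32_word(m->crc, a->addr);
    if (c->select & SEL_DATA)   m->crc = crc32_word(m->crc, a->data);
    if (++m->count < c->length) return false;
    m->result = m->crc ^ 0xFFFFFFFFu;   /* comparison output unit */
    m->alarm  = (m->result != c->expected);
    m->active = false; m->done = !c->repeat;
    return m->alarm;
}

unsigned monitor_run(bus_monitor *m, const bus_access *seq, size_t n) {
    unsigned alarms = 0;
    for (size_t i = 0; i < n; i++) alarms += monitor_step(m, &seq[i]) ? 1u : 0u;
    return alarms;
}

/* Constructed trace of a security-configuration sequence (addresses and values are made up). */
static const bus_access GOLDEN[] = {
    {0, 0x20000000u, 0x00000000u, false},  /* unrelated read before the trigger */
    {0, 0x40001000u, 0x000000A5u, true},   /* trigger: first configuration write */
    {0, 0x40001004u, 0x00000001u, true},
    {0, 0x40001010u, 0x00000000u, false},  /* status read, filtered by COND_WRITE */
    {0, 0x40001008u, 0xFFFF0000u, true},
    {0, 0x4000100Cu, 0x00000003u, true},
};
enum { N = sizeof GOLDEN / sizeof GOLDEN[0] };

/* variant 0: golden; 1: one write-data bit faulted; 2: extra write inserted; 3: write from another master */
unsigned demo(int variant) {
    monitor_cfg cfg = { .enable = true, .start_at_addr = true, .cond = COND_WRITE,
                        .select = SEL_MASTER | SEL_ADDR | SEL_DATA | SEL_KEY,
                        .start_addr = 0x40001000u, .length = 4, .key = 0x5EC0DE17u };
    bus_monitor ref = { .cfg = cfg };
    monitor_run(&ref, GOLDEN, N);       /* provisioning run yields the expected result */
    cfg.expected = ref.result;
    bus_access t[N + 1]; size_t n = 0;
    for (size_t i = 0; i < N; i++) {
        if (variant == 2 && i == 2) t[n++] = (bus_access){0, 0x40002000u, 0xDEADBEEFu, true};
        t[n++] = GOLDEN[i];
    }
    if (variant == 1) t[4].data ^= 0x00010000u;
    if (variant == 3) t[2].master = 1;
    bus_monitor m = { .cfg = cfg };
    return monitor_run(&m, t, n);
}

int main(void) { return (demo(0) == 0 && demo(1) == 1) ? 0 : 1; }
```

The expected result is obtained here from a trusted run of the same sequence; the alarm in variants 1 to 3 fires only once the configured number of valid accesses has been seen, which is why the description pairs the sequence monitor with a separate timeout detector.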
As shown in Figure 4, this is a secure SOC chip system with a typical single-bus structure. It comprises several masters such as processor 401 and DMA 402, and slaves such as on-chip RAM 407, memory interface 405, and the bus monitors 21(1) and 21(2) proposed by the present invention; system bus 404, as the data transmission channel, connects the masters and the slaves. Unlike an ordinary secure SOC chip system, this system integrates two mutually independent bus monitors 21 of the present invention that monitor the SOC bus directly in real time, which greatly improves the security performance of the secure SOC chip.
As shown in Figure 5, this is a secure SOC chip system with a typical multi-bus architecture. It likewise comprises several masters such as processor 501 and DMA 402, and slaves such as on-chip RAM 509, high-bandwidth memory interface 508, and bus monitors 21(1) and 21(2) of the present invention. System bus 505 and system bus 506 form the multi-bus data transmission channel, and bus gating matrix 503 lets the multiple buses access different address regions in parallel and interleaved.
In a secure SOC chip system with a multi-bus architecture, the number of bus monitors 21 changes with the number of buses so that each bus is monitored separately. In Fig. 5, bus monitor 21(1) monitors system bus 505 and bus monitor 21(2) monitors system bus 506. The bus monitors 21 are independent of one another, and their other behavior is the same as in the single-bus SOC system, which ensures the security of all buses in the secure SOC chip system.
With the method of this invention, bus behavior is monitored in real time without affecting bus access efficiency, to detect whether the behavior of a specific bus access sequence of interest to the system has changed because of an accident or a malicious fault attack. If the behavior of the specific bus access sequence changes, the invention issues a warning to the system, and the system takes appropriate security measures against the potential hazard, preventing confidential information from leaking because a security operation of the system was not carried out correctly.
The present invention can also monitor SOC bus protocol errors and report them to the system so that it can respond appropriately. It also monitors bus timeouts on the SOC bus caused by misoperation or other reasons and reports the timeout to the system; the system can then take appropriate measures to restore bus operation promptly, preventing critical tasks from going unexecuted because of the bus timeout.
In summary, the invention provides a bus monitor for improving the information security of an SOC system and a method of implementing it. It guarantees the integrity, real-time performance and security of key information as it is processed via the bus in a secure SOC chip, improves the working efficiency of the system bus, and improves the stability of the information security system and its resistance to fault attacks.
Although the present invention and some of its advantages have been described in detail in the above embodiments, a person of ordinary skill in the art should recognize that any modification, improvement or extension may be made within the spirit and principles of the present invention, and that all such modifications, improvements and extensions fall within the scope of protection of the present invention.

Claims (9)

1. A bus monitor for improving SOC system security, characterized in that the bus monitor is arranged between the system bus and the system control unit and comprises a configuration unit, a condition judgment unit, a valid data selection unit, a hardware algorithm unit and a comparison output unit, wherein:
The configuration unit is used to set and store the configuration information for the bus control signals that need to be monitored, and to update the state of the bus monitor;
The condition judgment unit, according to the configuration information of the configuration unit and in combination with the current bus behavior information provided by the bus control signals, judges whether a monitoring operation needs to be started and, when monitoring is needed, generates a control signal to the valid data selection unit;
The valid data selection unit, according to the control information of the condition judgment unit and the configuration information of the configuration unit, selects the data to be calculated for bus monitoring from the bus address of the bus access, the bus master number, the bus read data or write data, and the key of the configuration unit, sends it to the hardware algorithm unit, and notifies the hardware algorithm unit to perform the computation on the data to be calculated;
The hardware algorithm unit, according to the control signals sent by the configuration unit and the condition judgment unit, performs the computation on the data to be calculated output by the valid data selection unit, and sends the final result to the comparison output unit;
The comparison output unit compares the result output by the hardware algorithm unit with the condition preset in the configuration unit, triggers an alarm signal when they are inconsistent, and sends it to the system control unit.
2. The bus monitor according to claim 1, characterized in that it further comprises a timeout detection unit, which monitors in real time whether the bus control signals have timed out and, when a timeout occurs, sends a signal to the system control unit.
3. The bus monitor according to claim 1, characterized in that the configuration unit comprises: a control register, used to implement different controls over the working behavior of the bus monitor; a monitoring start address register, used to store the bus access start address at which the bus monitor begins monitoring; a monitoring length register, used to configure the number of valid bus accesses that the bus monitor monitors; at least one master register, used to configure monitoring of bus accesses by a specified bus master; a preset key register, used to store the preset key; an expected monitoring result register, used to store the expected monitoring result; and a timeout register, used to store the maximum bus wait period, a warning being sent to the system control unit when the bus wait period exceeds the value configured in this register.
4. The bus monitor according to claim 3, characterized in that it further comprises a bus status register, used by a master to query the bus status in real time.
5. The bus monitor according to claim 3, characterized in that it further comprises a fault address register, used to store the address at which the bus timed out, after the bus monitor detects a bus timeout, for the master to query.
6. The bus monitor according to claim 1, characterized in that the content to be calculated in a bus access that satisfies the monitoring condition includes, but is not limited to, the bus address, the bus master number, the bus read data or write data, and the preset key output by the configuration unit; the valid data selection unit selects some or all of these contents as the data to be calculated according to the configuration information output by the configuration unit.
7. The bus monitor according to claim 1, characterized in that the hardware algorithm unit uses a CRC algorithm, a HASH algorithm or a symmetric encryption algorithm to perform the computation on the data to be calculated.
8. A bus monitoring method for improving SOC system security, characterized by comprising the following steps:
Step 1. The configuration information needed during bus monitoring is set in the configuration unit;
Step 2. The condition judgment unit, according to the configuration information of the configuration unit and in combination with the current bus behavior information provided by the bus control signals, judges whether to monitor the bus, and generates a control signal to control the valid data selection unit to send the data to be calculated to the hardware algorithm unit;
Step 3. The valid data selection unit, according to the control information of the condition judgment unit, selects the data to be calculated from the bus address, the bus master number, the bus read data or write data, and the key output by the configuration unit, sends the data to be calculated to the hardware algorithm unit, and instructs the hardware algorithm unit to perform the computation on it;
Step 4. The hardware algorithm unit, according to the control signal sent by the valid data selection unit, performs the computation on the data to be calculated using the algorithm selected by the configuration unit, and sends the final result to the comparison output unit;
Step 5. The comparison output unit compares the result output by the hardware algorithm unit with the expected result preset in the configuration unit and, when they are inconsistent, triggers an alarm signal and sends it to the system control unit;
Step 6. After the bus monitor completes the computation for one valid access, its internal counter increments automatically and the flow returns to step 2 to continue monitoring. Once the bus monitor has completed the number of valid accesses defined by the monitoring length register of the configuration unit, it either stops monitoring, according to the control mode set in the control register, or waits for the next bus access that satisfies the monitoring start condition and then repeats the monitoring.
9. The method according to claim 8, characterized in that the configuration information comprises a monitoring enable bit, a trigger mode control bit, a monitoring condition, a repeat-monitoring enable control bit, a timeout monitoring control bit, monitoring algorithm selection bits, selection bits for the data to be calculated, a preset key, a monitoring start address and/or an expected result.
CN2010105409948A 2010-11-12 2010-11-12 Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof Active CN101989242B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN2010105409948A CN101989242B (en) 2010-11-12 2010-11-12 Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof
US13/322,086 US8601536B2 (en) 2010-11-12 2011-02-28 Bus monitor for enhancing SOC system security and realization method thereof
PCT/CN2011/000326 WO2012062023A1 (en) 2010-11-12 2011-02-28 Bus monitor for improving system safety of system on chip (soc) and realizing method thereof
EP11784403.5A EP2472408B1 (en) 2010-11-12 2011-02-28 Bus monitor for improving system safety of system on chip (soc) and realizing method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105409948A CN101989242B (en) 2010-11-12 2010-11-12 Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof

Publications (2)

Publication Number Publication Date
CN101989242A true CN101989242A (en) 2011-03-23
CN101989242B CN101989242B (en) 2013-06-12

Family

ID=43745781

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105409948A Active CN101989242B (en) 2010-11-12 2010-11-12 Bus monitor for improving safety of SOC (System on a Chip) as well as realizing method thereof

Country Status (4)

Country Link
US (1) US8601536B2 (en)
EP (1) EP2472408B1 (en)
CN (1) CN101989242B (en)
WO (1) WO2012062023A1 (en)

Also Published As

Publication number Publication date
EP2472408A1 (en) 2012-07-04
CN101989242B (en) 2013-06-12
WO2012062023A1 (en) 2012-05-18
US20130219452A1 (en) 2013-08-22
EP2472408B1 (en) 2015-07-29
EP2472408A4 (en) 2013-07-31
US8601536B2 (en) 2013-12-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 22A, Guoshi building, 1801 Shahe West Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: GUOWEI GROUP (SHENZHEN) Co.,Ltd.

Address before: 518000 Guangdong city of Shenzhen province high tech Industrial Park South high SSMEC building 2F

Patentee before: SHENZHEN STATE MICRO TECHNOLOGY Co.,Ltd.
